github.com/cortexproject/cortex (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/cortexproject/cortex, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2024-41265 — CVSS 7.5 (high): A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the…
CVE-2022-23536 — CVSS 6.5 (medium): Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0…
CVE-2021-31232 — CVSS 5.5 (medium): The Alertmanager in CNCF Cortex before 1.8.1 has a local file disclosure vulnerability when -experimental.alertmanager.enable-api is used…
CVE-2021-36157 — CVSS 5.3 (medium): An issue was discovered in Grafana Cortex through 1.9.0. The header value X-Scope-OrgID is used to construct file paths for rules files…